Add deps tracking for SBOMs
Test: m compliance_sbom
Bug: 242220547
Change-Id: Ife93e0e1cdc43490818798922d574ae1b1d441d1
diff --git a/tools/compliance/cmd/sbom/sbom.go b/tools/compliance/cmd/sbom/sbom.go
index 493d331..e031052 100644
--- a/tools/compliance/cmd/sbom/sbom.go
+++ b/tools/compliance/cmd/sbom/sbom.go
@@ -271,6 +271,17 @@
return pms[index], nil
}
+// inputFiles returns the complete list of files read
+func inputFiles(lg *compliance.LicenseGraph, pmix *projectmetadata.Index, licenseTexts []string) []string {
+ projectMeta := pmix.AllMetadataFiles()
+ targets := lg.TargetNames()
+ files := make([]string, 0, len(licenseTexts)+len(targets)+len(projectMeta))
+ files = append(files, licenseTexts...)
+ files = append(files, targets...)
+ files = append(files, projectMeta...)
+ return files
+}
+
// sbomGenerator implements the spdx bom utility
// SBOM is part of the new government regulation issued to improve national cyber security
@@ -417,6 +428,7 @@
fmt.Fprintf(ctx.stdout, "ExtractedText: <text>%v</text>\n", string(text))
}
- deps := licenseTexts
+ deps := inputFiles(lg, pmix, licenseTexts)
+ sort.Strings(deps)
return deps, nil
}